Re: [sleuthkit-developers] TskAuto filterVs

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On 8/22/13, Brian Carrier <ca...@sl...> wrote:
 > On Aug 22, 2013, at 6:13 AM, Robert James <sro...@gm...> wrote:
 >
 >> I'm using TskAuto and would like to implement the filterVs method.  I
 >> have a few questions:
 >>
 >> 1. filterVs receives a C structure (const TSK_VS_INFO *).  I'd like to
 >> access it via the C++ TskVsInfo wrapper.  But simply doing
 >> TskVsInfo(vs_info) gives compiler errors due to the const attribute of
 >> the struct's pointer.  There doesn't seem to be a constructor for
 >> TskVsInfo which takes a const pointer.
 >>
 >> How should I initialize the TskVsInfo from the TSK_VS_INFO struct
 >> passed to filterVs?
 >
 > It appears that you can't.  But, what do you want to do with the
 > TSK_VS_INFO/TskVsInfo struct/class?
 >
 > The main motivation for filterVs is to let the app skip the system or not.
 > If you decide to process it, then you'll get another callback for each
 > partition in filterVol().
 >
> Knowing your use case could help to change the design (we've designed these
 > based on our use cases).

My use case isn't as a filter, but to have the volume system and
 partition info available during processFile. I didn't see anyway to
 pick these up directly, so I overrode the filter methods to store
 currentVol in member variables.

 (I can do this with the C *_INFO structs, but, if classes are
 available, prefer those.)

 > Hope this helps.  If this gets more into the weeds, let's drop the
 > sleuthkit-users list off.

Thank you! Moved to sleuthkit-developers list.